Satoshi Scoop Weekly, 7 November 2025

Crypto Insights

Spark vs. Ark From the Perspective of a Wallet Developer

While exploring non-custodial, user-friendly Lightning access for Cake Wallet, the author examined two emerging Bitcoin Layer-2 protocols — Spark and Ark. While both support Lightning and interoperate with Bitcoin, but they diverge significantly in design philosophy and implementation. In this article, he compares the two.

Ark: Uses virtual UTXOs (VTXOs) and multi-round signing to migrate Bitcoin transactions off-chain, but requires trust in the Ark operator and introduces VTXO expiration management. Its round-based finality mechanism and VTXO renewal process create complexity, especially for mobile environments.
The user experience in many ways resembles on-chain payments, but with much lower fees and far faster settlement. When users want to send or receive Lightning payments, they can cooperate with a Lightning gateway to atomically swap VTXOs for Lightning payments.
Spark: Extends Statechains via “leaves,” enabling fast, trust-minimized payments, Lightning atomic swaps, and token transfers, while allowing unilateral offline receipt. However, privacy and address handling remain areas for improvement.

Overall, the author argues that Spark and Ark both lower the barrier to Lightning integration, improve UX, and offer flexible scaling options. Despite differing trust, privacy, and finality trade-offs, they mark a shift toward pragmatic and diverse expansion paths for Bitcoin — giving wallet developers simpler ways to support Lightning and tokens.

Bitcoin Knots' Transaction Filtering: Just a Failed DoS Attempt

Bitcoin Magazine contributor Shinobi argues that Knots’ attempt to filter so-called “spam” amounts to an ineffective denial-of-service attack on Bitcoin. Bitcoin’s design relies on fee-based competition to confirm all consensus-valid transactions — not subjective filtering. Node-level transaction blocking failed to prevent mining of those transactions and instead degraded block propagation efficiency. He critiques this approach as contrary to Bitcoin’s free-market and decentralized ethos, calling it a “failed DoS attack.”

He also dismisses recent proposals for a temporary soft fork to block such transactions, arguing they won't stop spam but will instead encourage more harmful behavior — like using fake ScriptPubKeys to encode their data in unspendable outputs, increasing UTXO bloat and harming network health.

Primal Demonstrates Live Micro-Tipping With Sats

Live sats tipping demo from Primal.

Home Miner Successfully Finds a Bitcoin Block Using Open-Source Hardware and Software

A solo home miner recently found Bitcoin block 920,440, earning 3.141 BTC. The setup included 6 nerdqaxe++ units and an Avalon Q miner (cost roughly 3,000 USD) — about 120–130 TH/s. Notably, both the mining hardware and pool software were open-source, and the miner participated through a self-hosted Public-Pool instance.

This success demonstrates that an individual user, with open hardware and software and no permission or third-party trust, can independently settle thousands of transactions and earn the same block rewards as major mining firms. Despite a tax bill likely consuming more than half the reward, the miner said the experience of participating in decentralized consensus and personally mining a block was more meaningful than the payout.

Image source: Reddit

Block Engineering Responds to Major AWS Outage With Multi-Region Resiliency

On October 20, AWS’s US-East-1 region experienced a major outage, affecting large parts of the internet, including Block — whose brands like Square, Cash App, Afterpay, and TIDAL depend on AWS for core services.

Block shared insights in this post about designing systems for resilience:

Regional diversity works: Multi-region and multi-AZ architecture limited blast radius and kept critical experiences online.
Cross-brand coordination matters: Centralized monitoring and shared tooling enabled fast communication and unified recovery.
Support systems need redundancy: Telephony, messaging, and vendor APIs must meet the same reliability standards.
Regular testing: Practice improves confidence and real-world incident response efficiency.

NCC Group Publishes Comprehensive Research on Blockchain Private-Key Security

Cyber security company NCC Group has released a “State of the Art of Private Key Security in Blockchain” series. It provides best-practice guidance and architectural considerations for developers, security specialists, and institutions managing digital assets.

The four-part series covers:

Major Implementation-Level Vulnerability Found in Post-Quantum Crypto — Laser Attacks Can Extract Keys

As countries accelerate deployment of quantum-resistant cryptography, NIST has standardized ML-KEM and ML-DSA as cornerstone schemes. However, a new study shows that while these algorithms are mathematically strong, implementations can be fatally flawed.

Researchers found a single point of fault centered on the random seed pointer during polynomial sampling. By tampering with this step — e.g., via laser fault injection — attackers can fully recover private keys and forge signatures. Experiments on STM32H7 microcontrollers achieved an up to 100% success rate. The vulnerability was also found in widely used libraries: PQM4, LibOQS, PQClean, and WolfSSL. The paper proposes mitigations for this overlooked yet serious risk.

Evaluating Coinjoin Privacy: Short-Term Drop in Anonymity, Long-Term Resistance Holds

Coinjoin enhances privacy by violating assumptions behind common analysis heuristics. Quantifying its privacy gains is complex and computation-heavy. A new research paper adapts BlockSci to analyze Coinjoin transactions and finds that for three major designs with a central coordinator — Whirlpool, Wasabi 1.x, and Wasabi 2.x — average post-mix anonymity set size shrinks significantly (10–50%). The sharpest drop occurs on the first day after mixing, and becomes negligible after one year from a Coinjoin creation.

The study proposes a precise, parallelizable evaluation method incorporating fees, implementation-specific constraints, and users’ post-mix behavior. Tests on simulated and real Wasabi 2.x Coinjoins show that despite user behavior can reduce anonymity, even improved analysis struggles to reliably re-identify owners — meaning privacy remains robust in the long term.